admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-03T15:00:26.203185+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-03 15:00:29 +00:00
parent 13aa43a382
commit 827287d994
101 changed files with 823 additions and 210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2020/CVE-2020-266xx/CVE-2020-26623.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2020-26623",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T22:15:07.777",
"lastModified": "2024-01-02T22:15:07.777",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL descubierta en Gila CMS 1.15.4 y anteriores permite a un atacante remoto ejecutar scripts web arbitrarios a trav\u00e9s del par\u00e1metro Area en la pesta\u00f1a Administration>Widget despu\u00e9s del portal de inicio de sesi\u00f3n."
}
],
"metrics": {},

8
CVE-2020/CVE-2020-266xx/CVE-2020-26624.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2020-26624",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T22:15:07.837",
"lastModified": "2024-01-02T22:15:07.837",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en Gila CMS 1.15.4 y versiones anteriores que permite a un atacante remoto ejecutar scripts web arbitrarios a trav\u00e9s del par\u00e1metro ID despu\u00e9s del portal de inicio de sesi\u00f3n."
}
],
"metrics": {},

8
CVE-2020/CVE-2020-266xx/CVE-2020-26625.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2020-26625",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T22:15:07.880",
"lastModified": "2024-01-02T22:15:07.880",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en Gila CMS 1.15.4 y versiones anteriores que permite a un atacante remoto ejecutar scripts web arbitrarios a trav\u00e9s del par\u00e1metro 'user_id' despu\u00e9s del portal de inicio de sesi\u00f3n."
}
],
"metrics": {},

28
CVE-2023/CVE-2023-376xx/CVE-2023-37607.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-37607",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T14:15:08.747",
"lastModified": "2024-01-03T14:15:08.747",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E00 allows a remote attacker to obtain sensitive information."
}
],
"metrics": {},
"references": [
{
"url": "http://automatic-systems.com",
"source": "cve@mitre.org"
},
{
"url": "http://soc.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/CQURE/CVEs/blob/main/CVE-2023-37607/README.md",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-376xx/CVE-2023-37608.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-37608",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T13:15:08.393",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to obtain sensitive information via the admin login credentials."
}
],
"metrics": {},
"references": [
{
"url": "http://automatic-systems.com",
"source": "cve@mitre.org"
},
{
"url": "http://soc.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/CQURE/CVEs/tree/main/CVE-2023-37608",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-386xx/CVE-2023-38674.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38674",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:08.107",
"lastModified": "2024-01-03T09:15:08.107",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-386xx/CVE-2023-38675.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38675",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:08.340",
"lastModified": "2024-01-03T09:15:08.340",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-386xx/CVE-2023-38676.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38676",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:08.517",
"lastModified": "2024-01-03T09:15:08.517",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-386xx/CVE-2023-38677.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38677",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:08.687",
"lastModified": "2024-01-03T09:15:08.687",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-386xx/CVE-2023-38678.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38678",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:08.877",
"lastModified": "2024-01-03T09:15:08.877",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

24
CVE-2023/CVE-2023-396xx/CVE-2023-39655.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-39655",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T13:15:08.467",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords and take over their accounts."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-39655",
"source": "cve@mitre.org"
},
{
"url": "https://www.npmjs.com/package/%40perfood/couch-auth",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-417xx/CVE-2023-41776.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41776",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2024-01-03T02:15:42.993",
"lastModified": "2024-01-03T02:15:42.993",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges.\n\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escalada de privilegios local en ZXCLOUD iRAI de ZTE. Los atacantes con privilegios de usuario normales pueden crear un proceso falso y escalar privilegios locales."
}
],
"metrics": {

8
CVE-2023/CVE-2023-417xx/CVE-2023-41779.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41779",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2024-01-03T02:15:43.217",
"lastModified": "2024-01-03T02:15:43.217",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.\n\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de acceso ilegal a la memoria del producto ZXCLOUD iRAI de ZTE. Cuando la vulnerabilidad es explotada por un atacante con permiso de usuario com\u00fan, la m\u00e1quina f\u00edsica fallar\u00e1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-417xx/CVE-2023-41780.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41780",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2024-01-03T02:15:43.403",
"lastModified": "2024-01-03T02:15:43.403",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the \u00a0program \u00a0failed to adequately validate the user's input, an attacker could exploit this vulnerability \u00a0to escalate local privileges.\n\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de carga de DLL insegura en ZTE ZXCLOUD iRAI. Debido a que el programa no pudo validar adecuadamente la entrada del usuario, un atacante podr\u00eda aprovechar esta vulnerabilidad para escalar los privilegios locales."
}
],
"metrics": {

8
CVE-2023/CVE-2023-417xx/CVE-2023-41783.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41783",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2024-01-03T02:15:43.573",
"lastModified": "2024-01-03T02:15:43.573",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the \u00a0program \u00a0failed to adequately validate the user's input, an attacker could exploit this vulnerability \u00a0to escalate local privileges.\n\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en ZXCLOUD iRAI de ZTE. Debido a que el programa no pudo validar adecuadamente la entrada del usuario, un atacante podr\u00eda aprovechar esta vulnerabilidad para escalar los privilegios locales."
}
],
"metrics": {

8
CVE-2023/CVE-2023-41xx/CVE-2023-4164.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4164",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-01-02T22:15:08.937",
"lastModified": "2024-01-02T22:15:08.937",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "There is a possible information\u00a0disclosure due to a missing permission check. This could lead to local\u00a0information disclosure of health data with no additional execution\u00a0privileges needed.\n"
},
{
"lang": "es",
"value": "Existe una posible divulgaci\u00f3n de informaci\u00f3n debido a que falta una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local de datos de salud sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {

8
CVE-2023/CVE-2023-423xx/CVE-2023-42358.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42358",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T06:15:47.063",
"lastModified": "2024-01-03T06:15:47.063",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en O-RAN Software Community ric-plt-e2mgr en el entorno G-Release, que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una solicitud manipulada al componente API de E2Manager."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-455xx/CVE-2023-45561.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45561",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T21:15:09.530",
"lastModified": "2024-01-02T21:15:09.530",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en A-WORLD OIRASE BEER_waiting Line v.13.6.1 permite a los atacantes enviar notificaciones manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-457xx/CVE-2023-45722.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45722",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T03:15:09.200",
"lastModified": "2024-01-03T03:15:09.200",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. \u00a0The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application.\n"
},
{
"lang": "es",
"value": "HCL DRYiCE MyXalytics se ve afectado por la vulnerabilidad de lectura de archivos arbitrarios de path traversal porque utiliza entrada externa para construir un nombre de ruta destinado a identificar un archivo o directorio que se encuentra debajo de un directorio principal restringido. El producto no neutraliza adecuadamente los elementos especiales dentro del nombre de ruta que pueden hacer que el nombre de ruta se resuelva en una ubicaci\u00f3n que est\u00e1 fuera del directorio restringido. Las posibles explotaciones pueden interrumpir por completo la aplicaci\u00f3n o apoderarse de ella."
}
],
"metrics": {

8
CVE-2023/CVE-2023-457xx/CVE-2023-45723.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45723",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T03:15:09.380",
"lastModified": "2024-01-03T03:15:09.380",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. \u00a0Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server.\n"
},
{
"lang": "es",
"value": "HCL DRYiCE MyXalytics se ve afectado por una vulnerabilidad de path traversal que permite la capacidad de carga de archivos. Ciertos endpoint permiten a los usuarios manipular la ruta (incluido el nombre del archivo) donde se almacenan estos archivos en el servidor."
}
],
"metrics": {

8
CVE-2023/CVE-2023-457xx/CVE-2023-45724.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45724",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T03:15:09.537",
"lastModified": "2024-01-03T03:15:09.537",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication.\n"
},
{
"lang": "es",
"value": "El producto HCL DRYiCE MyXalytics se ve afectado por una vulnerabilidad de carga de archivos no autenticados. La aplicaci\u00f3n web permite cargar un determinado archivo sin requerir autenticaci\u00f3n del usuario."
}
],
"metrics": {

8
CVE-2023/CVE-2023-458xx/CVE-2023-45892.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45892",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T21:15:09.583",
"lastModified": "2024-01-02T21:15:09.583",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information."
},
{
"lang": "es",
"value": "Un problema descubierto en las p\u00e1ginas de Order y Invoice en Floorsight Insights Q3 2023 permite a un atacante remoto no autenticado ver informaci\u00f3n confidencial del cliente."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-458xx/CVE-2023-45893.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45893",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T21:15:09.630",
"lastModified": "2024-01-02T21:15:09.630",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information."
},
{
"lang": "es",
"value": "Una referencia de objeto indirecto (IDOR) en las p\u00e1ginas Order y Invoice de Floorsight Customer Portal Q3 2023 permite a un atacante remoto no autenticado ver informaci\u00f3n confidencial del cliente."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-463xx/CVE-2023-46308.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46308",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T05:15:11.360",
"lastModified": "2024-01-03T05:15:11.360",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty."
},
{
"lang": "es",
"value": "En Plotly plotly.js anterior a 2.25.2, las llamadas a la API de trazado tienen el riesgo de que __proto__ se contamine en expandObjectPaths o nestedProperty."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-474xx/CVE-2023-47458.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47458",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T21:15:09.673",
"lastModified": "2024-01-02T21:15:09.673",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework."
},
{
"lang": "es",
"value": "Un problema en SpringBlade v.3.7.0 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s de la falta de un framework de permisos."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-474xx/CVE-2023-47473.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47473",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T07:15:07.350",
"lastModified": "2024-01-03T07:15:07.350",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script."
},
{
"lang": "es",
"value": "Vulnerabilidad de directory traversal en fuwushe.org iFair versiones 23.8_ad0 y anteriores permite a un atacante obtener informaci\u00f3n confidencial a trav\u00e9s de un script manipulado."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-484xx/CVE-2023-48418.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48418",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-01-02T23:15:11.000",
"lastModified": "2024-01-02T23:15:11.000",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\u00a0In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a\n\u00a0 \u00a0 possible way to access adb before SUW completion due to an insecure default\n\u00a0 \u00a0 value. This could lead to local escalation of privilege with no additional\n\u00a0 \u00a0 execution privileges needed. User interaction is not needed for\n\u00a0 \u00a0 exploitation\n"
},
{
"lang": "es",
"value": "En checkDebuggingDisallowed de DeviceVersionFragment.java, existe una forma posible de acceder a adb antes de que se complete SUW debido a un valor predeterminado inseguro. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {

8
CVE-2023/CVE-2023-495xx/CVE-2023-49549.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49549",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T23:15:12.107",
"lastModified": "2024-01-02T23:15:12.107",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file."
},
{
"lang": "es",
"value": "Un problema en Cesanta mjs 2.20.0 permite que un atacante remoto provoque una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n mjs_getretvalpos en el archivo msj.c."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-495xx/CVE-2023-49550.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49550",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T23:15:12.167",
"lastModified": "2024-01-02T23:15:12.167",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component."
},
{
"lang": "es",
"value": "Un problema en Cesanta mjs 2.20.0 permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s del componente mjs+0x4ec508."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-495xx/CVE-2023-49551.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49551",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T23:15:12.233",
"lastModified": "2024-01-02T23:15:12.233",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file."
},
{
"lang": "es",
"value": "Un problema en Cesanta mjs 2.20.0 permite que un atacante remoto provoque una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n mjs_op_json_parse en el archivo msj.c."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-495xx/CVE-2023-49552.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49552",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T23:15:12.290",
"lastModified": "2024-01-02T23:15:12.290",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file."
},
{
"lang": "es",
"value": "Una escritura fuera de los l\u00edmites en Cesanta mjs 2.20.0 permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n mjs_op_json_stringify en el archivo msj.c."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-495xx/CVE-2023-49553.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49553",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T23:15:12.333",
"lastModified": "2024-01-02T23:15:12.333",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file."
},
{
"lang": "es",
"value": "Un problema en Cesanta mjs 2.20.0 permite que un atacante remoto provoque una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n mjs_destroy en el archivo msj.c."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-495xx/CVE-2023-49554.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49554",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T00:15:08.987",
"lastModified": "2024-01-03T00:15:08.987",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Use After Free en YASM 1.3.0.86.g9def permite que un atacante remoto provoque una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n do_directive en el componente modules/preprocs/nasm/nasm-pp.c."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-495xx/CVE-2023-49555.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49555",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T00:15:09.047",
"lastModified": "2024-01-03T00:15:09.047",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component."
},
{
"lang": "es",
"value": "Un problema en YASM 1.3.0.86.g9def permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n expand_smacro en el componente modules/preprocs/nasm/nasm-pp.c."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-495xx/CVE-2023-49556.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49556",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T00:15:09.090",
"lastModified": "2024-01-03T00:15:09.090",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en YASM 1.3.0.86.g9def permite que un atacante remoto provoque una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n expr_delete_term en el componente libyasm/expr.c."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-495xx/CVE-2023-49557.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49557",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T00:15:09.147",
"lastModified": "2024-01-03T00:15:09.147",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component."
},
{
"lang": "es",
"value": "Un problema en YASM 1.3.0.86.g9def permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n yasm_section_bcs_first en el componente libyasm/section.c."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-495xx/CVE-2023-49558.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49558",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T00:15:09.203",
"lastModified": "2024-01-03T00:15:09.203",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component."
},
{
"lang": "es",
"value": "Un problema en YASM 1.3.0.86.g9def permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n expand_mmac_params en el componente modules/preprocs/nasm/nasm-pp.c."
}
],
"metrics": {},

104
CVE-2023/CVE-2023-497xx/CVE-2023-49791.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49791",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-22T17:15:08.683",
"lastModified": "2023-12-22T20:32:34.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T14:35:15.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an active session of another user via another way, they could delete and modify workflows by sending calls directly to the API bypassing the password confirmation shown in the UI. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available."
},
{
"lang": "es",
"value": "Nextcloud Server proporciona almacenamiento de datos para Nextcloud, una plataforma en la nube de c\u00f3digo abierto. En Nextcloud Server anteriores a las versiones 26.0.9 y 27.1.4; as\u00ed como Nextcloud Enterprise Server anteriores a las versiones 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9 y 27.1.4; Cuando un atacante logra acceder a una sesi\u00f3n activa de otro usuario de otra manera, podr\u00eda eliminar y modificar los workflows enviando llamadas directamente a la API sin pasar por la confirmaci\u00f3n de contrase\u00f1a que se muestra en la interfaz de usuario. Las versiones 26.0.9 y 27.1.4 de Nextcloud Server y las versiones 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9 y 27.1.4 de Nextcloud Enterprise Server contienen un parche para este problema. No hay soluciones conocidas disponibles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +74,88 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "23.0.0",
"versionEndExcluding": "23.0.12.13",
"matchCriteriaId": "0F8E7D0E-96C0-423D-BCCB-0C4CA37C3EA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "24.0.0",
"versionEndExcluding": "24.0.12.9",
"matchCriteriaId": "D26A27E2-D4E5-4028-8C16-2956094F9DAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.13.4",
"matchCriteriaId": "B7B7713B-F08A-4772-B0B7-81A14E189B5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.9",
"matchCriteriaId": "2A2A5F1D-BBCC-4246-A486-719A2A3C0315"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.9",
"matchCriteriaId": "AE6D3891-AC1C-403C-9DAB-8036D6114068"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.1.4",
"matchCriteriaId": "1C7A7798-35A1-45A4-9E18-C37ADFC668E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.1.4",
"matchCriteriaId": "75E8F82C-08F6-429B-8F06-59F099B78170"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3f8p-6qww-2prr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/pull/41520",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://hackerone.com/reports/2120667",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
]
}
]
}

104
CVE-2023/CVE-2023-497xx/CVE-2023-49792.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49792",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-22T17:15:08.880",
"lastModified": "2023-12-22T20:32:34.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T14:29:18.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as trusted proxy the server could be tricked into reading a wrong remote address for an attacker, allowing them executing authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available."
},
{
"lang": "es",
"value": "Nextcloud Server proporciona almacenamiento de datos para Nextcloud, una plataforma en la nube de c\u00f3digo abierto. En Nextcloud Server anteriores a las versiones 26.0.9 y 27.1.4; as\u00ed como Nextcloud Enterprise Server anteriores a las versiones 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9 y 27.1.4; cuando un proxy (inverso) se configura como proxy confiable, se podr\u00eda enga\u00f1ar al servidor para que lea una direcci\u00f3n remota incorrecta para un atacante, permiti\u00e9ndole ejecutar intentos de autenticaci\u00f3n de los previstos. Las versiones 26.0.9 y 27.1.4 de Nextcloud Server y las versiones 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9 y 27.1.4 de Nextcloud Enterprise Server contienen un parche para este problema. No hay soluciones conocidas disponibles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,88 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "23.0.0",
"versionEndExcluding": "23.0.12.13",
"matchCriteriaId": "0F8E7D0E-96C0-423D-BCCB-0C4CA37C3EA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "24.0.0",
"versionEndExcluding": "24.0.12.9",
"matchCriteriaId": "D26A27E2-D4E5-4028-8C16-2956094F9DAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.13.4",
"matchCriteriaId": "B7B7713B-F08A-4772-B0B7-81A14E189B5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.9",
"matchCriteriaId": "2A2A5F1D-BBCC-4246-A486-719A2A3C0315"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.9",
"matchCriteriaId": "AE6D3891-AC1C-403C-9DAB-8036D6114068"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.1.4",
"matchCriteriaId": "1C7A7798-35A1-45A4-9E18-C37ADFC668E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.1.4",
"matchCriteriaId": "75E8F82C-08F6-429B-8F06-59F099B78170"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5j2p-q736-hw98",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/pull/41526",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://hackerone.com/reports/2230915",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
]
}
]
}

8
CVE-2023/CVE-2023-497xx/CVE-2023-49794.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49794",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T20:15:10.020",
"lastModified": "2024-01-02T20:15:10.020",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named `me.weishu.kernelsu` get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager, it can take over root privileges on the device. As of time of publication, a patched version is not available."
},
{
"lang": "es",
"value": "KernelSU es una soluci\u00f3n ra\u00edz basada en Kernel para dispositivos Android. En las versiones 0.7.1 y anteriores, se puede omitir la l\u00f3gica de obtener la ruta de la apk en el m\u00f3dulo del kernel KernelSU, lo que hace que cualquier apk malicioso llamado `me.weishu.kernelsu` obtenga permiso de root. Si un dispositivo con el m\u00f3dulo KernelSU instalado intenta instalar cualquier apk no marcado cuyo nombre de paquete sea igual al administrador oficial de KernelSU, puede asumir los privilegios de root en el dispositivo. Al momento de la publicaci\u00f3n, no hay una versi\u00f3n parcheada disponible."
}
],
"metrics": {

8
CVE-2023/CVE-2023-500xx/CVE-2023-50019.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50019",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T22:15:09.147",
"lastModified": "2024-01-02T22:15:09.147",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en open5gs v2.6.6. InitialUEMessage, la solicitud de registro enviada en un momento espec\u00edfico puede bloquear AMF debido a un manejo incorrecto de errores de la respuesta Nudm_UECM_Registration."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-500xx/CVE-2023-50020.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50020",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T22:15:09.190",
"lastModified": "2024-01-02T22:15:09.190",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en open5gs v2.6.6. SIGPIPE se puede utilizar para bloquear AMF."
}
],
"metrics": {},

24
CVE-2023/CVE-2023-500xx/CVE-2023-50092.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-50092",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T13:15:08.523",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS)."
}
],
"metrics": {},
"references": [
{
"url": "https://apiida.com/product/apiida-api-gateway-manager/",
"source": "cve@mitre.org"
},
{
"url": "https://senscybersecurity.nl/cve-2023-50092-explained/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-500xx/CVE-2023-50093.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-50093",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T14:15:08.840",
"lastModified": "2024-01-03T14:15:08.840",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection."
}
],
"metrics": {},
"references": [
{
"url": "https://apiida.com/product/apiida-api-gateway-manager/",
"source": "cve@mitre.org"
},
{
"url": "https://senscybersecurity.nl/cve-2023-50093-explained/",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-503xx/CVE-2023-50341.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50341",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T03:15:10.127",
"lastModified": "2024-01-03T03:15:10.127",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a \"Missing Access Control\" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.\n"
},
{
"lang": "es",
"value": "HCL DRYiCE MyXalytics se ve afectado por una vulnerabilidad de control de acceso inadecuado (p\u00e1ginas web obsoletas). El descubrimiento de p\u00e1ginas web obsoletas y accesibles refleja una vulnerabilidad de \"Missing Access Control\", que podr\u00eda provocar la exposici\u00f3n inadvertida de informaci\u00f3n confidencial y/o la exposici\u00f3n de un endpoint vulnerable."
}
],
"metrics": {

8
CVE-2023/CVE-2023-503xx/CVE-2023-50342.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50342",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T03:15:10.817",
"lastModified": "2024-01-03T03:15:10.817",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. \u00a0A user can obtain certain details about another user as a result of improper access control.\n"
},
{
"lang": "es",
"value": "HCL DRYiCE MyXalytics se ve afectado por una vulnerabilidad de referencia directa a objetos inseguros (IDOR). Un usuario puede obtener ciertos detalles sobre otro usuario como resultado de un control de acceso inadecuado."
}
],
"metrics": {

8
CVE-2023/CVE-2023-503xx/CVE-2023-50343.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50343",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T03:15:11.210",
"lastModified": "2024-01-03T03:15:11.210",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.\n"
},
{
"lang": "es",
"value": "HCL DRYiCE MyXalytics se ve afectado por una vulnerabilidad de control de acceso inadecuado (API del controlador). Ciertos endpoint de API son accesibles para los usuarios administradores de clientes que pueden permitir el acceso a informaci\u00f3n confidencial sobre otros usuarios."
}
],
"metrics": {

8
CVE-2023/CVE-2023-503xx/CVE-2023-50344.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50344",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T03:15:11.373",
"lastModified": "2024-01-03T03:15:11.373",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.\n"
},
{
"lang": "es",
"value": "HCL DRYiCE MyXalytics se ve afectado por una vulnerabilidad de control de acceso inadecuado (descarga de archivos no autenticados). Un usuario no autenticado puede descargar ciertos archivos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-503xx/CVE-2023-50345.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50345",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T02:15:43.757",
"lastModified": "2024-01-03T02:15:43.757",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats.\n"
},
{
"lang": "es",
"value": "HCL DRYiCE MyXalytics se ve afectado por una vulnerabilidad de Open Redirect que podr\u00eda permitir a un atacante redirigir a los usuarios a sitios maliciosos, lo que podr\u00eda provocar ataques de phishing u otras amenazas a la seguridad."
}
],
"metrics": {

8
CVE-2023/CVE-2023-503xx/CVE-2023-50346.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50346",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T02:15:43.913",
"lastModified": "2024-01-03T02:15:43.913",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information.\n"
},
{
"lang": "es",
"value": "HCL DRYiCE MyXalytics se ve afectado por una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Ciertos endpoints dentro de la aplicaci\u00f3n revelan informaci\u00f3n detallada del archivo."
}
],
"metrics": {

8
CVE-2023/CVE-2023-503xx/CVE-2023-50348.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50348",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T02:15:44.070",
"lastModified": "2024-01-03T02:15:44.070",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc.\n"
},
{
"lang": "es",
"value": "HCL DRYiCE MyXalytics se ve afectado por una vulnerabilidad de manejo inadecuado de errores. La aplicaci\u00f3n devuelve mensajes de error detallados que pueden proporcionar al atacante informaci\u00f3n sobre la aplicaci\u00f3n, el sistema, etc."
}
],
"metrics": {

8
CVE-2023/CVE-2023-503xx/CVE-2023-50350.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50350",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T02:15:44.227",
"lastModified": "2024-01-03T02:15:44.227",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information. \n"
},
{
"lang": "es",
"value": "HCL DRYiCE MyXalytics se ve afectado por el uso de un algoritmo criptogr\u00e1fico roto para el cifrado, lo que potencialmente brinda al atacante la capacidad de descifrar informaci\u00f3n confidencial."
}
],
"metrics": {

8
CVE-2023/CVE-2023-503xx/CVE-2023-50351.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50351",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T02:15:44.387",
"lastModified": "2024-01-03T02:15:44.387",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data.\n"
},
{
"lang": "es",
"value": "HCL DRYiCE MyXalytics se ve afectado por el uso de un mecanismo de rotaci\u00f3n de claves inseguro que puede permitir que un atacante comprometa la confidencialidad o integridad de los datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-507xx/CVE-2023-50711.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50711",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T20:15:10.250",
"lastModified": "2024-01-02T20:15:10.250",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the `FamStructWrapper::deserialize` implementation provided by the crate for `vmm_sys_util::fam::FamStructWrapper` can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rust-safe methods. The issue was corrected in version 0.12.0 by inserting a check that verifies the lengths of compared flexible arrays are equal for any deserialized header and aborting deserialization otherwise. Moreover, the API was changed so that header length can only be modified through Rust-unsafe code. This ensures that users cannot trigger out-of-bounds memory access from Rust-safe code."
},
{
"lang": "es",
"value": "vmm-sys-util es una colecci\u00f3n de m\u00f3dulos que proporciona ayudas y utilidades utilizadas por m\u00faltiples componentes de Rust-VMM. A partir de la versi\u00f3n 0.5.0 y antes de la versi\u00f3n 0.12.0, un problema en la implementaci\u00f3n de `FamStructWrapper::deserialize` proporcionada por la caja para `vmm_sys_util::fam::FamStructWrapper` puede provocar accesos a la memoria fuera de los l\u00edmites. La deserializaci\u00f3n no verifica que la longitud almacenada en el encabezado coincida con la longitud de la matriz flexible. La falta de coincidencia en las longitudes podr\u00eda permitir el acceso a la memoria fuera de los l\u00edmites a trav\u00e9s de m\u00e9todos seguros para Rust. El problema se corrigi\u00f3 en la versi\u00f3n 0.12.0 insertando una verificaci\u00f3n que verifica que las longitudes de las matrices flexibles comparadas sean iguales para cualquier encabezado deserializado y, en caso contrario, abortando la deserializaci\u00f3n. Adem\u00e1s, la API se cambi\u00f3 para que la longitud del encabezado solo se pueda modificar mediante c\u00f3digo no seguro para Rust. Esto garantiza que los usuarios no puedan activar el acceso a la memoria fuera de los l\u00edmites desde el c\u00f3digo seguro para Rust."
}
],
"metrics": {

4
CVE-2023/CVE-2023-509xx/CVE-2023-50921.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50921",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T09:15:09.067",
"lastModified": "2024-01-03T09:15:09.067",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-509xx/CVE-2023-50922.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50922",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T08:15:09.607",
"lastModified": "2024-01-03T08:15:09.607",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en dispositivos GL.iNet hasta 4.5.0. Los atacantes que pueden robar la cookie AdminToken pueden ejecutar c\u00f3digo arbitrario cargando un archivo con formato crontab en un directorio espec\u00edfico y esperando su ejecuci\u00f3n. Esto afecta a A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7 y B1300 4.3.7."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-516xx/CVE-2023-51652.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51652",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T20:15:10.453",
"lastModified": "2024-01-02T20:15:10.453",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`, if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the `<tagrules>` node, or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don't address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy."
},
{
"lang": "es",
"value": "OWASP AntiSamy .NET es una librer\u00eda para realizar la limpieza de HTML proveniente de fuentes no confiables. Antes de la versi\u00f3n 1.2.0, exist\u00eda la posibilidad de que se produjera una vulnerabilidad de mutaci\u00f3n de cross site scripting (mXSS) en AntiSamy causada por un an\u00e1lisis defectuoso del HTML que se estaba sanitizando. Para estar sujeto a esta vulnerabilidad, la directiva `preserveComments` debe estar habilitada en su archivo de pol\u00edtica y tambi\u00e9n permitir ciertas etiquetas al mismo tiempo. Como resultado, ciertas entradas astutas pueden dar lugar a que los elementos de las etiquetas de comentarios se interpreten como ejecutables cuando se utiliza la salida sanitizada de AntiSamy. Esto est\u00e1 parcheado en OWASP AntiSamy .NET 1.2.0 y posteriores. Consulte detalles importantes de remediaci\u00f3n en la referencia que se proporciona a continuaci\u00f3n. Como workaround, edite manualmente el archivo de pol\u00edtica AntiSamy (por ejemplo, antisamy.xml) eliminando la directiva `preserveComments` o estableciendo su valor en `false`, si est\u00e1 presente. Tambi\u00e9n ser\u00eda \u00fatil hacer que AntiSamy elimine la etiqueta `noscript` agregando una l\u00ednea descrita en GitHub Security Advisory a las definiciones de etiquetas en el nodo ``, o elimin\u00e1ndola por completo si est\u00e1 presente. Como las configuraciones de pol\u00edticas mencionadas anteriormente son condiciones previas para que funcione el ataque mXSS, cambiarlas seg\u00fan lo recomendado deber\u00eda ser suficiente para protegerlo contra esta vulnerabilidad cuando utilice una versi\u00f3n vulnerable de esta librer\u00eda. Sin embargo, el error existente a\u00fan estar\u00eda presente en AntiSamy o su dependencia del analizador (HtmlAgilityPack). La seguridad de esta soluci\u00f3n depende de configuraciones que pueden cambiar en el futuro y no abordan la causa ra\u00edz de la vulnerabilidad. Como tal, se recomienda encarecidamente actualizar a una versi\u00f3n fija de AntiSamy."
}
],
"metrics": {

4
CVE-2023/CVE-2023-517xx/CVE-2023-51784.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51784",
"sourceIdentifier": "security@apache.org",
"published": "2024-01-03T10:15:09.027",
"lastModified": "2024-01-03T12:15:23.883",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-517xx/CVE-2023-51785.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51785",
"sourceIdentifier": "security@apache.org",
"published": "2024-01-03T10:15:09.130",
"lastModified": "2024-01-03T12:15:23.953",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-523xx/CVE-2023-52302.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52302",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:09.110",
"lastModified": "2024-01-03T09:15:09.110",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-523xx/CVE-2023-52303.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52303",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:09.277",
"lastModified": "2024-01-03T09:15:09.277",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-523xx/CVE-2023-52304.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52304",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:09.447",
"lastModified": "2024-01-03T09:15:09.447",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-523xx/CVE-2023-52305.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52305",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:09.617",
"lastModified": "2024-01-03T09:15:09.617",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FPE in paddle.topk\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n"
},
{
"lang": "es",
"value": "FPE en paddle.topk en PaddlePaddle antes de 2.6.0. Esta falla puede provocar un bloqueo del tiempo de ejecuci\u00f3n y una denegaci\u00f3n de servicio."
}
],
"metrics": {

4
CVE-2023/CVE-2023-523xx/CVE-2023-52306.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52306",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:09.793",
"lastModified": "2024-01-03T09:15:09.793",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-523xx/CVE-2023-52307.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52307",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:09.970",
"lastModified": "2024-01-03T09:15:09.970",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-523xx/CVE-2023-52308.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52308",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:10.170",
"lastModified": "2024-01-03T09:15:10.170",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-523xx/CVE-2023-52309.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52309",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:10.340",
"lastModified": "2024-01-03T09:15:10.340",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-523xx/CVE-2023-52310.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52310",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:10.520",
"lastModified": "2024-01-03T09:15:10.520",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-523xx/CVE-2023-52311.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52311",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:10.720",
"lastModified": "2024-01-03T09:15:10.720",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-523xx/CVE-2023-52312.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52312",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:10.903",
"lastModified": "2024-01-03T09:15:10.903",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-523xx/CVE-2023-52313.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52313",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:11.083",
"lastModified": "2024-01-03T09:15:11.083",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-523xx/CVE-2023-52314.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52314",
"sourceIdentifier": "paddle-security@baidu.com",
"published": "2024-01-03T09:15:11.267",
"lastModified": "2024-01-03T09:15:11.267",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-63xx/CVE-2023-6339.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6339",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-01-02T22:15:09.237",
"lastModified": "2024-01-02T22:15:09.237",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Google Nest WiFi Pro root code-execution & user-data compromise"
},
{
"lang": "es",
"value": "Ejecuci\u00f3n del c\u00f3digo ra\u00edz de Google Nest WiFi Pro y compromiso de los datos del usuario"
}
],
"metrics": {

8
CVE-2023/CVE-2023-65xx/CVE-2023-6524.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6524",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T06:15:47.120",
"lastModified": "2024-01-03T06:15:47.120",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "MapPress Maps for WordPress plugin for WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s del par\u00e1metro map title en todas las versiones hasta la 2.88.13 inclusive debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados con acceso de colaborador o superior inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2023/CVE-2023-66xx/CVE-2023-6600.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6600",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T06:15:47.337",
"lastModified": "2024-01-03T06:15:47.337",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. PLease note there were several attempted patched, and we consider 5.7.10 to be the most sufficiently patched."
},
{
"lang": "es",
"value": "OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress es vulnerable a modificaciones no autorizadas de datos y cross site scripting almacenado debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n update_settings() conectada a trav\u00e9s de admin_init en todas las versiones hasta la 5.7.9 inclusive. Esto hace posible que atacantes no autenticados actualicen la configuraci\u00f3n del complemento, que puede usarse para inyectar payloads de Cross-Site Scripting y eliminar directorios completos. Tenga en cuenta que hubo varios intentos de parchear y consideramos que la versi\u00f3n 5.7.10 es la m\u00e1s parcheada."
}
],
"metrics": {

4
CVE-2023/CVE-2023-66xx/CVE-2023-6621.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6621",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-03T09:15:11.440",
"lastModified": "2024-01-03T09:15:11.440",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-66xx/CVE-2023-6629.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6629",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T05:15:11.463",
"lastModified": "2024-01-03T05:15:11.463",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018msg\u2019 parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress es vulnerable a cross site scripting reflejado a trav\u00e9s del par\u00e1metro 'msg' en todas las versiones hasta la 2.8.6 inclusive debido a una sanitizaci\u00f3n de entrada y escape insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

4
CVE-2023/CVE-2023-67xx/CVE-2023-6747.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6747",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T09:15:11.487",
"lastModified": "2024-01-03T09:15:11.487",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-69xx/CVE-2023-6980.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6980",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T06:15:47.500",
"lastModified": "2024-01-03T06:15:47.500",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP SMS \u2013 Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the wp-sms-subscribers page. This makes it possible for unauthenticated attackers to delete subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "WP SMS \u2013 Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 6.5 inclusive. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la acci\u00f3n \"delete\" de la p\u00e1gina wp-sms-subscribers. Esto hace posible que atacantes no autenticados eliminen suscriptores mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2023/CVE-2023-69xx/CVE-2023-6981.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6981",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T06:15:47.663",
"lastModified": "2024-01-03T06:15:47.663",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP SMS \u2013 Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can leveraged to achieve Reflected Cross-site Scripting."
},
{
"lang": "es",
"value": "WP SMS \u2013 Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'group_id' en todas las versiones hasta la 6.5 inclusive debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos. Esto se puede aprovechar para lograr cross site scripting reflejado."
}
],
"metrics": {

4
CVE-2023/CVE-2023-69xx/CVE-2023-6984.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6984",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T09:15:11.647",
"lastModified": "2024-01-03T09:15:11.647",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-69xx/CVE-2023-6986.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6986",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T07:15:07.483",
"lastModified": "2024-01-03T07:15:07.483",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps &amp; Any Documents in Gutenberg &amp; Elementor plugin for WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s del c\u00f3digo corto embed_oembed_html del complemento en todas las versiones hasta la 3.9.5 (exclusivo) debido a una sanitizaci\u00f3n insuficiente de las entradas y a que la salida se escape en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2023/CVE-2023-70xx/CVE-2023-7027.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7027",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T05:15:11.700",
"lastModified": "2024-01-03T05:15:11.700",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018device\u2019 header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s del encabezado 'device' en todas las versiones hasta la 2.8.7 inclusive debido a una sanitizaci\u00f3n de entrada y escape insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

4
CVE-2023/CVE-2023-70xx/CVE-2023-7068.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7068",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T09:15:11.810",
"lastModified": "2024-01-03T09:15:11.810",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-01xx/CVE-2024-0191.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0191",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T20:15:10.700",
"lastModified": "2024-01-02T20:15:10.700",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en RRJ Nueva Ecija Engineer Online Portal 1.0. Ha sido clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /admin/uploads/ es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la exposici\u00f3n de la informaci\u00f3n de archivos y directorios. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249504."
}
],
"metrics": {

8
CVE-2024/CVE-2024-01xx/CVE-2024-0192.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0192",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T20:15:10.933",
"lastModified": "2024-01-02T20:15:10.933",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en RRJ Nueva Ecija Engineer Online Portal 1.0. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo downloadable.php del componente Add Downloadable es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una carga sin restricciones. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249505."
}
],
"metrics": {

8
CVE-2024/CVE-2024-01xx/CVE-2024-0194.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0194",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T21:15:09.760",
"lastModified": "2024-01-02T21:15:09.760",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249509 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en CodeAstro Internet Banking System hasta 1.0 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo pages_account.php del componente Profile Picture Handler. La manipulaci\u00f3n conduce a una carga sin restricciones. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249509."
}
],
"metrics": {

8
CVE-2024/CVE-2024-01xx/CVE-2024-0195.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0195",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T21:15:10.003",
"lastModified": "2024-01-02T21:15:10.003",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en spider-flow 0.4.3 y clasificada como cr\u00edtica. La funci\u00f3n FunctionService.saveFunction del archivo src/main/java/org/spiderflow/controller/FunctionController.java es afectada por la vulnerabilidad. La manipulaci\u00f3n conduce a la inyecci\u00f3n de c\u00f3digo. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249510 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-01xx/CVE-2024-0196.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0196",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T22:15:09.453",
"lastModified": "2024-01-02T22:15:09.453",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Magic-Api hasta 2.0.1 y clasificada como cr\u00edtica. Una funcionalidad desconocida del archivo /resource/file/api/save?auto=1 es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la inyecci\u00f3n de c\u00f3digo. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249511."
}
],
"metrics": {

8
CVE-2024/CVE-2024-02xx/CVE-2024-0201.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0201",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T10:15:09.240",
"lastModified": "2024-01-03T10:15:09.240",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings."
},
{
"lang": "es",
"value": "Product Expiry for WooCommerce plugin for WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'save_settings' en versiones hasta la 2.5 inclusive. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor o superiores, actualicen la configuraci\u00f3n del complemento."
}
],
"metrics": {

8
CVE-2024/CVE-2024-02xx/CVE-2024-0207.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0207",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-03T08:15:10.053",
"lastModified": "2024-01-03T08:15:10.053",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file"
},
{
"lang": "es",
"value": "El fallo del disector HTTP3 en Wireshark 4.2.0 permite la denegaci\u00f3n de servicio mediante inyecci\u00f3n de paquetes o archivo de captura manipulado"
}
],
"metrics": {

8
CVE-2024/CVE-2024-02xx/CVE-2024-0208.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0208",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-03T08:15:10.340",
"lastModified": "2024-01-03T08:15:10.340",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file"
},
{
"lang": "es",
"value": "El fallo del disector GVCP en Wireshark 4.2.0, 4.0.0 a 4.0.11 y 3.6.0 a 3.6.19 permite la denegaci\u00f3n de servicio mediante inyecci\u00f3n de paquetes o archivo de captura manipulado"
}
],
"metrics": {

8
CVE-2024/CVE-2024-02xx/CVE-2024-0209.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0209",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-03T08:15:10.793",
"lastModified": "2024-01-03T08:15:10.793",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file"
},
{
"lang": "es",
"value": "El fallo del disector IEEE 1609.2 en Wireshark 4.2.0, 4.0.0 a 4.0.11 y 3.6.0 a 3.6.19 permite la denegaci\u00f3n de servicio mediante inyecci\u00f3n de paquetes o archivo de captura manipulado"
}
],
"metrics": {

8
CVE-2024/CVE-2024-02xx/CVE-2024-0210.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0210",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-03T08:15:11.150",
"lastModified": "2024-01-03T08:15:11.150",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file"
},
{
"lang": "es",
"value": "El fallo del disector Zigbee TLV en Wireshark 4.2.0 permite la denegaci\u00f3n de servicio mediante inyecci\u00f3n de paquetes o archivo de captura manipulado"
}
],
"metrics": {

8
CVE-2024/CVE-2024-02xx/CVE-2024-0211.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0211",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-03T08:15:11.443",
"lastModified": "2024-01-03T08:15:11.443",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file"
},
{
"lang": "es",
"value": "El fallo del disector DOCSIS en Wireshark 4.2.0 permite la denegaci\u00f3n de servicio mediante inyecci\u00f3n de paquetes o archivo de captura manipulado"
}
],
"metrics": {

8
CVE-2024/CVE-2024-216xx/CVE-2024-21623.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21623",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T21:15:10.250",
"lastModified": "2024-01-02T21:15:10.250",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient \"`Analysis - SonarCloud`\" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue."
},
{
"lang": "es",
"value": "OTCLient es un cliente de tibia alternativo para otserv. Antes de confirmar db560de0b56476c87a2f967466407939196dd254, el workflow /mehah/otclient \"`Analysis - SonarCloud`\" es vulnerable a una inyecci\u00f3n de expresi\u00f3n en Actions, lo que permite a un atacante ejecutar comandos de forma remota en el ejecutor, filtrar secretos y alterar el repositorio utilizando este workflow. La confirmaci\u00f3n db560de0b56476c87a2f967466407939196dd254 contiene una soluci\u00f3n para este problema."
}
],
"metrics": {

8
CVE-2024/CVE-2024-216xx/CVE-2024-21627.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21627",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T21:15:10.467",
"lastModified": "2024-01-02T21:15:10.467",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`."
},
{
"lang": "es",
"value": "PrestaShop es una plataforma de comercio electr\u00f3nico de c\u00f3digo abierto. Antes de las versiones 8.1.3 y 1.7.8.11, el m\u00e9todo `isCleanHTML` no detecta algunos atributos de eventos. Algunos m\u00f3dulos que utilizan el m\u00e9todo `isCleanHTML` podr\u00edan ser vulnerables a cross site scripting. Las versiones 8.1.3 y 1.7.8.11 contienen un parche para este problema. La mejor soluci\u00f3n es utilizar la biblioteca `HTMLPurifier` para sanitizar la entrada HTML proveniente de los usuarios. La biblioteca ya est\u00e1 disponible como dependencia en el proyecto PrestaShop. Sin embargo, tenga en cuenta que en los modelos de objetos heredados, los campos de tipo `HTML` llamar\u00e1n `isCleanHTML`."
}
],
"metrics": {

8
CVE-2024/CVE-2024-216xx/CVE-2024-21628.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21628",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T22:15:09.687",
"lastModified": "2024-01-02T22:15:09.687",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape mechanism. In FO, the cross-site scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. This issue affects those who have a module fetching these messages from the DB and displaying it without escaping HTML. Version 8.1.3 contains a patch for this issue."
},
{
"lang": "es",
"value": "PrestaShop es una plataforma de comercio electr\u00f3nico de c\u00f3digo abierto. Antes de la versi\u00f3n 8.1.3, el m\u00e9todo isCleanHtml no se utiliza en este formulario, lo que hace posible almacenar un payload de cross site scripting en la base de datos. El impacto es bajo porque el HTML no se interpreta en BO, gracias al mecanismo de escape de twig. En FO, el ataque de cross site scripting es efectivo, pero solo afecta al cliente que lo env\u00eda o a la sesi\u00f3n del cliente desde donde se envi\u00f3. Este problema afecta a quienes tienen un m\u00f3dulo que recupera estos mensajes de la base de datos y los muestra sin escapar del HTML. La versi\u00f3n 8.1.3 contiene un parche para este problema."
}
],
"metrics": {

8
CVE-2024/CVE-2024-216xx/CVE-2024-21629.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21629",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T22:15:09.897",
"lastModified": "2024-01-02T22:15:09.897",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a `CREATE` or `CREATE2`, in the case that the substack execution happens successfully, `rust-evm` will first commit the substate, and then call `record_external_operation(Write(out_code.len()))`. If `record_external_operation` later fails, this error is returned to the parent call stack, instead of `Succeeded`. Yet, the substate commitment already happened. This causes smart contracts able to commit state changes, when the parent caller contract receives zero address (which usually indicates that the execution has failed). This issue only impacts library users with custom `record_external_operation` that returns errors. The issue is patched in release 0.41.1. No known workarounds are available."
},
{
"lang": "es",
"value": "Rust EVM es un int\u00e9rprete de m\u00e1quina virtual Ethereum. En \"rust-evm\", se introdujo una funci\u00f3n llamada \"record_external_operation\", que permite a los usuarios de la librer\u00eda registrar cambios de gas personalizados. Esta caracter\u00edstica puede tener algunas interacciones falsas con la pila de llamadas. En particular, durante la finalizaci\u00f3n de `CREATE` o `CREATE2`, en el caso de que la ejecuci\u00f3n de la subpila se realice exitosamente, `rust-evm` primero confirmar\u00e1 el subestado y luego llamar\u00e1 a `record_external_operation(Write(out_code.len()) )`. Si `record_external_operation` falla posteriormente, este error se devuelve a la pila de llamadas principal, en lugar de `Succeeded`. Sin embargo, el compromiso subestatal ya se produjo. Esto hace que los contratos inteligentes puedan realizar cambios de estado, cuando el contrato principal de la persona que llama recibe una direcci\u00f3n cero (lo que generalmente indica que la ejecuci\u00f3n ha fallado). Este problema solo afecta a los usuarios de la biblioteca con `record_external_operative` personalizado que devuelve errores. El problema se solucion\u00f3 en la versi\u00f3n 0.41.1. No hay soluciones conocidas disponibles."
}
],
"metrics": {

8
CVE-2024/CVE-2024-216xx/CVE-2024-21632.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21632",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T22:15:10.103",
"lastModified": "2024-01-02T22:15:10.103",
"vulnStatus": "Received",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the `email` is used as a trusted user identifier. This could lead to account takeover. Version 2.0.0 contains a fix for this issue.\n"
},
{
"lang": "es",
"value": "omniauth-microsoft_graph proporciona una estrategia Omniauth para la API de Microsoft Graph. Antes de las versiones 2.0.0, la implementaci\u00f3n no validaba la legitimidad del atributo \"email\" del usuario ni daba/documentaba una opci\u00f3n para hacerlo, lo que la hac\u00eda susceptible a una mala configuraci\u00f3n de nOAuth en los casos en que se utiliza el \"email\". como identificador de usuario confiable. Esto podr\u00eda llevar a la apropiaci\u00f3n de cuentas. La versi\u00f3n 2.0.0 contiene una soluci\u00f3n para este problema."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More